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KEY MANAGEMENT SERVER, CHAT 
SYSTEM TERMINAL UNIT, CHAT SYSTEM 
AND RECORDING MEDIUM 

BACKGROUND OF THE INVENTION 

The present invention relates to a chat system for per- 
forming the communication real time using a character or 
the like, a chat system terminal unit, a key management 
server for supplying a key to the encryption of the 
communication, and a recording medium readable between 
computers on a computer network such as the internet or the 
intranet. 

FIG. 1 is a diagram for explaining the principle of a 
conventional chat system. In this chat system, communica- 
tion channels A to C (51 to 53) are opened on a chat server 
50 connected to a computer network. The user connects the 
chat server 50 by chat clients (terminal units) 60 to 69 and 
thus selectively connects the channels A to C (51 to 53). As 
a result, the communication using a character or the like can 
be accomplished between users connected to the same 
channel. Generally, the information transmitted from a user 
is distributed to all the users connected to the same channel. 
Also, even on a channel connected with three or more users, 
one-to-one communication between users is possible. 

FIG. 2 is a block diagram showing a configuration 
example of the essential parts of the conventional chat 
system. In this chat system, first, an input unit 14 of a chat 
client 5 receives an input signal from a keyboard (not 
shown). In FIG. 2, only a single chat client 5 is shown as a 
representative. An input signal received by the input unit 14 
is transmitted by a transmission section 16 to a channel X(4) 
which, in the chat server 2 is selected by a channel selection 
section 10. A signal arriving from other chat clients through 
the channel X(4) in the chat server 2 is received by a 
receiving section 17. The signal received by the receiving 
section 17 is output by an output unit 19 to and is displayed 
on a display screen (not shown). 

In this chat system, the communication between the chat 
client and the chat server is carried out in a plaintext and 
therefore a communication text is liable to be eavesdropped 
midway of the communication line. 

A method suggested for preventing the eavesdropping is 
to encrypt the communication text using a secret key pre- 
pared by a chat server. FIG. 3 is a block diagram showing an 
example configuration of the essential parts of a conven- 
tional chat system with the communication text encrypted. 
The chat server 7 of the chat system includes a channel 
secret key generation section 34, an encryption section 33, 
a channel secret key request receiving section 31 and a 
channel secret key distribution section 32. The channel 
secret key generation section 34 generates a channel secret 
key unique to each channel for encrypting/decrypting the 
communication data exchanged through a channel in the 
server 7 managed by the server 7. The encryption section 33 
encrypts the channel secret key generated by the channel 
secret key generation section 34. The channel secret key 
request receiving section 31 receives a distribution request 
of the channel secret key unique to the channel X(4) from a 
chat client 6 through the channel X(4). When the channel 
secret key request receiving section 31 receives the distri- 
bution request, the channel secret key distribution section 32 
distributes the channel secret key unique to the channel X(4) 
encrypted by the encryption section 33 to the chat client 6 
through the channel X(4). In FIG 3, only one chat client 6 
is shown to represent all chat clients. 

The chat client 6 of the chat system includes a channel 
selection section 10 for selecting a connected channel, a 
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channel secret key request section 11 for requesting a 
channel secret key unique to the channel X(4) through the 
channel X(4) selected by the channel selection section 10, a 
channel secret key receiving section 12 for receiving the 

5 channel secret key requested by the channel secret key 
request section 11, a channel secret key decryption section 
13 for decrypting the channel secret key received by the 
channel secret key receiving section 12, and an input unit 14 
for receiving the input signal from a keyboard (not shown). 

30 The client 6 of the chat system includes an encryption 
section 15 for encrypting the input signal received by the 
input unit 14 using the channel secret key decrypted by the 
channel secret key decryption section 13, a transmission 
section 16 for transmitting the input signal encrypted by the 

15 encryption section 15 to the channel X(4), a receiving 
section 17 for receiving the signal arriving from other 
channel clients through the channel X(4), a decryption 
section 18 for decrypting the signal received by the receiv- 
ing section 17 using the channel secret key, and an output 

20 unit 19 for outputting and displaying the received signal 
decrypted by the decryption section 18 in the form of 
character on a display screen (not shown). 

With the chat system having this configuration, the chat 
server 7 generates a secret key of each channel at the channel 

25 secret key generation section 34 and encrypts the channel 
secret key at the encryption section 33. 

The chat client 6 selects the connected channel at the 
channel selector 10, and the channel secret key request 

3o section 11 requests the chat server 7 for a channel secret key 
unique to the channel X(4) through the channel X(4) 
selected by the channel secret key request section 11. The 
chat server 7 accepts the request at the channel secret key 
request receiving section 31 and distributes the encrypted 

35 channel secret key unique to the channel X(4) to the chat 
client 6 through the channel X(4). 

The chat client 6 receives the requested channel secret key 
unique to the channel X(4) at the channel secret key receiv- 
ing section 12, and decrypts the received channel secret key 

40 at the channel secret key decryption section 13. The chat 
client 6 encrypts/decrypts the signal transmitted/received to 
and from the channel X(4) at the encryption section 
15/decryption section 18 using the decrypted channel secret 
key. 

45 In the above-mentioned chat system, however, the com- 
munication text on the chat server 7 can be modified into a 
plaintext and eavesdropped by reconstructing the chat server 
7. Even when the plaintext is encrypted by the secret key 
prepared by the chat server, therefore, the likelihood of 

50 eavesdropping is not eliminated. 

BRIEF SUMMARY OF THE INVENTION 

The present invention is intended to solve the above- 
mentioned problems and the object thereof is to provide a 

55 key management server, a chat system terminal unit, a chat 
system and a recording medium for realizing the chat system 
and the terminal unit thereof which are capable of keeping 
a communication secret even in the case where the chat 
server is low in reliability. 

60 According to the present invention, there is provided a 
key management server comprising meaas for generating a 
channel secret key unique to each channel for encrypting/ 
decrypting the communication data exchanged through a 
plurality of channels managed by one or more chat servers, 

65 means for encrypting the channel secret key generated by 
the channel secret key generation means, means for receiv- 
ing the distribution request of the channel secret key unique 
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to a channel through the channel managed by the chat server tributes the channel secret key generated again by the 

from a second terminal unit, and means for distributing the channel secret key generation means, 

channel secret key unique to the channel encrypted by the Consequently, the channel secret key, even if illegally 

encryption means to the second terminal unit through the duplicated, becomes invalid within a short time. Even in the 

same channel. 5 case where a chat server of low reliability is used, therefore, 

In view of the fact that like the chat client, the key the communication can be kept secret, 

management server constituting a terminal unit as viewed Furthermore, in the key management server according to 

from the chat server generates a channel secret key unique thc i nven tion, the public key acquisition means holds the 

to each channel, the communication can be kept secret even acquired public key for a predetermined length of time, 

when a chat server low in reliability is used. 10 , . 

t , . . With this key management sever, the public key acquisi- 

Also, in the key management server accorduig to this ^ means hokJs (he acquired bhc k for , deter . 

invention the channel secret key generation means gener- mined x ^ of time> and therefore it is not nece ssary to 

ates the channel secret key unique to each of the groups ire the re)ated b]ic k each time the lermina] uni , is 

which is divided so as to include a plurality of terminal units connect ed to the channel, 

in the channel, and the receiving means receives the distri- 15 „ ... , 

bution request for the channel secret key for each group from . Pu f Br ' ln ' he , k key ™™Sf>^™ according to the 

the second terminal unit. invention, when the user of the public key acquired by the 

_, _ ... ... , , public key acquisition means is connected to a plurality of 

Therefore, the communication can be kept secret for each chaflnelS) the encryplion means encrypts the J cm 

group in the same channel. ^ key UQique tQ cach channd ^ ^ ^ key for 

Further, the key management server according to this anv channel. 

invention comprises a public key acquisition means for A u 4 . . . . , . , , 

, V- i • * r . ^ a result, the user is not required to have a pubhc key 

acquiring a public key unique to a user from an external unit, i . i-^ V(W Jl _ „„„ . -i iU 

j * 4.1. • ■ • * . . , . and the public key acquisition means can easily manage the 

and when the receiving means receives a distribution acquired public ke 
request, the encryption means encrypts the channel secret 

key generated by the channel secret key generation means Furthermore, the key management server according to the 

using the public key unique to the user requesting the invention comprises second receiving means for receiving 

distribution acquired by the public key acquisition means. the P ubHc ke ? ^ibuUon request from the remote user of 

t - f*u f *«u+^u ut i • the second terminal unit through the channel managed by the 

In view of the fact that the public key acquisition means . . * , . .? ? ,r . M J t . 

ii • i . * £ . i cnat server and second distribution means for distributing 

acquires a public key unique to the user from an external ™ *u Lr , - , . . , . " WUU11S 

*u • *• u 1 * * ,i JU the public key acquired by the public key acquisition means 

unit, the communication can be kept secret even in the case , lt f j \ • % •{ L i ■ ■ 

u u „ i . 1 ■ l • j to the second terminal unit when the second receiving means 

where a chat server low in reliability is used. . ,. „ . 5 

_ , , . , . , ... accepts the distribution request. 

Further, the public key acquisition means acquires the ™ A ... 

public key when the second terminal unit is connected to the . ™ creforc . one-to-one communication is possible while 

channel managed by the chat server. 3 5 SCCrCt Wlttun ! ? haMcl mcludm S at least thrce 

„ , , , , terminal units connected therein. 
Consequently, the channel secret key can be encrypted 

and distributed to the terminal unit by the public key. . Mso > the 5** s y stem terminal umt according to the 

^.,,11 t j- . .i - invention includes means for generating a session key for 

Further, in the key management server according to this - , . . t . f r 

#u , & . u . ° iL encrypting/decrypting the commumcation data at the time of 

invention, the public key acquisition means acquires the nna * rt 1 • ■ *• • *u u i a u <u 

, ,. , e * i , . i u j • * iL An one-to-one communication in the channel managed by the 

public key trom the second terminal unit and registers the 40 . t „„„„ « f *u uv i * *l i 

ii' i j *u JL r t. i i chat server, means for requesting the public key to the key 

public key and the user name thereof when connected to the _ ' fj-.-i.7- A. u - i . i 

r , i j u , u , 4 management server for distributing the public key to the 

channel managed by the chat server. T *u u *i_ t. i j l iL L . 

_ L / , remote user through the channel managed by the chat server, 
Therefore, the channel secret key can be encrypted and means for rece ivmg the public key requested for by the 
distributed to the terminal unit by this pubhc key. ^ public key requesting meanSj encrypt ion means for encrypt- 
Furthermore, with the key management server according ing the session key generated by the session key generation 
to the invention, the receiving means receives the authenti- mea ns using the public key received by the receiving means, 
cation information of the user together with the distribution and means for distributing the session key encrypted by the 
request for the channel secret key, judges whether the user encryption means to the terminal unit of the remote user 
authentication information received is correct or not, and ^ through the channel. 

when correct, accepts the distribution request. 50 In mis way> the communication data is encrypted/ 

As a result, the channel secret key is not distributed to decrypted by the session key thus distributed to conduct the 

outsiders, so that even when using a channel server of low one-to-one communication with the terminal unit of the 

reliability, the communication is kept secret. remote user. Therefore, the one-to-one communication can 

Further, with the key management server according to this 5S be conducted while keeping secret within the channel 

invention, the channel secret key generation means gener- including three or more terminal units connected, 

ates a channel secret key based on the information from time Further, the chat system terminal unit according to the 

to time, the information unique to each channel and the invention comprises means for encrypting the communica- 

secret information or the random information held only by Uorj data using the channel secret key unique to each channel 

the terminal associated with the key management server. 60 distributed from the key management server for encrypting/ 

Therefore, it is difficult to duplicate the channel secret key decrypting the communication data exchanged through each 

illegally, so that even in the case where a chat server low in of a plurality of channels managed by one or more chat 

reliability is used, the communication can be kept secret. servers, means for outputting the communication data 

Further, the channel secret key generation means of the encrypted by the encryption means in addition to the infor- 

key management server according to the invention generates 65 mation identifying the encryption to the channel managed by 

again at a predetermined chance the channel secret key the chat server, and means for decrypting the communica- 

generated and distributed, and the distribution means dis- tion data by the channel secret key when the information 
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identifying the encryption is added to the communication FIG. 6 is a block diagram showing an example configu- 

data received from the channel. ration of a chat system according to a first embodiment; 

As a result, the communication data requiring secret can FIG. 7 is a block diagram showing an example configu - 

be encrypted while the communication data requiring no ration of a chat system according to a second embodiment; 

secret can be communicated in the form of a plaintext. * pjQ g [ s a ^y oc ^ diagram showing an example configu- 

Further, the chat system according to this invention com- ration of the channel secret key generation section of FIG. 

prises at least selected two of the key management server, 7; 

the chat system terminal unit and the chat server. FIG. 9 is a block diagram showing an example configu - 

Therefore, the communication can be kept secret without 1Q ration of a chat system according to a third embodiment; 

resorting to the reliability of the chat server. FIGi 10 i s a diagram for explaining the configuration of 

Furthermore, a computer memory product according the a recording medium according to a fourth embodiment of 

invention comprises first computer readable program code the invention; and 

means for causing a computer to generate a channel secret FIG. U is a diagram for explaining a recording medium 
key unique to each channel for encrypting/decrypting the 35 accor din g to another embodiment, 
communication data exchanged through the channel man- 
aged by one or more chat servers, second computer readable DETAILED DESCRIPTION OF THE 
program code means for causing the computer to receive a INVENTION 
distribution request for the channel secret key unique to each . - - , j - . * , . 
channel from one terminal unit through the channel man- 20 the P nDC1 P^ f nd ° k a c * at s ^ em f cordin S 
aged by the chat server, and third computer readable pro- 2 ° * the mvcntl0n W1 " ^ desenbed briefly with reference to 
gram code means for causing the computer to distribute the me accompanying drawings, 

channel secret key unique to the channel generated by the FIG 4 1S a diagram for explaining the principle of a chat 

first computer program code means through the channel to s y stcm according to this invention. In this chat system, 

the terminal unit when the second computer program code 25 communication channels A to C (55 to 57) are opened on a 

means receives the distribution request. chat servcr 54 connected to a computer network. The user 

jl i *t i i .... . . „ ... connects to the chat server 54 by chat clients (terminal units) 

As described above, with the computer controlled by this * A , « « „ j i *• i * ) lL . , 

computer program, the channel secret key unique to each 6 A ° l ° 6 ?> " to e f>™ d selectively connects to the channels 

channel is generated and is distributed to the terminal unit, C (» * S3)- channel secret key umque to each of 

_ t ,l„ „ t j . i _ . „ rM . „ „ the channels A to C is generated by a key management server 

so that the communication can be kept secret even when a 30 4 . . . , • 1 . . 

, . f1 1 • l *i j 64a constituting a chent (terminal unit) equivalent to the 

chat server of low reliability is used. t t r , «f n 1 ; j- . -u 

^ t . chat chents 60 to 63, 65 to 69. In response to a distribution 

Further, the computer memory product according to the r , from the chat dients 60 10 a 6S tQ 69 the channel 

present invention comprises fourth computer readable pro- secfet k unj tQ ^ channels AtQ c connected wilh the 

gram code means for causing the computer to acquire the chat clkn|s 60 , 0 63 65 , 0 6 „ rcspectivelv> ar6 distr i but6d . 

public key unique to the user from an external unit, and fifth 35 fa ^ WQK , an e tion scheme shari me samc 

computer readable program code means for causing the secre , k fa j d between the chat clients 60 to « 65 

computer to encrypt the channel secret key generated by the , 0 69 coimected to the cbannels A t0 c . 

first computer program code means using the public key , , - 

unique to the user requesting the distribution acquired by the f * » a block . * a S ram f 0W,n S 10 exam P le confi 8 u " 

fourth computer program code means, wherein the second 40 r f on of the CSS6ntl , al P arte ° f ^ 

computer program code means distributes the channel secret chat ^m 'ermuial ™* ^ » system according to this 

key encrypted by the fifth computer program code means to mvention In the key management server 3 of this chat 

the terminal unit through the channel. s y s,em ; the channel ^ g e " erated ^ U» <*™nel 

_ , secret key generation section 34 is encrypted by the encryp- 

TTierefore, the computer controlled by this computer tion section 33. When the channel secret key request receiv- 

program which acquires the public key umque to the user 45 n ^ distribution ^ of ^ chin . 

from an external unit can keep the communication secret key unique to the channel X(4) from the chat cbent 

even in the case where the reliability of the chat server used t thK)Ugh (he channel x(4)> ^ chanQel secret key distri . 

y it is ow. bution section 32 distributes the channel secret key 

The above and further objects and features of the inven- encrypted by the encryption section 33 to the chat client 1 

tion will more fully be apparent from the following detailed 50 thrcmgh thc channel x(4) In mG 5> the chat client x a]onc 

descnption taken with accompanying drawings. & shown to represent all the chat clients. 

BRIEF DESCRIPTION OF THE SEVERAL * n cnat cnenl * °f tms cnat system, the channel secret 

VIEWS OF THE DRAWINGS ^ey unique to the channel X(4) requested by the channel 

55 secret key request section 11 through the channel X(4) 

FIG. 1 is a diagram for explaining the principle of a selected by the channel selection section 10 is received by 

conventional chat system; the chan nel secret key receiving section 12. The channel 

FIG. 2 is a block diagram showing an example configu- secret key received by the channel secret key receiving 

ration of the essential parts of a conventional chat system; section 12 is decrypted by the channel secret key decryption 

FIG. 3 is a block diagram showing an example configu- 60 section 13. 

ration of the essential parts of a conventional chat system; The input signal received by the input unit 14 is encrypted 

FIG. 4 is a diagram for explaining the principle of the chat by the encryption section 15 using the channel secret key 

system according to the invention; decrypted by the channel secret decryption section 13, and 

FIG. 5 is a block diagram showing an example configu- the in P u t signal thus encrypted is transmitted by the trans- 
ration of the essential parts of a key management server, a 65 mission section 16 to the channel X(4). 
chat system terminal unit and a chat system according to the The signal transmitted from other chat clients through the 
invention; channel X(4) is received by the receiving section 17. The 
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signal received by the receiving section 17 is decrypted by request section U, and a channel secret key decryption 
the decryption section 18 using the channel secret key. The section 13 for decrypting the channel secret key received by 
received signal decrypted by the decryption section 18 is the channel secret key receiving section 12 using the secret 
converted into a character by the output unit 19 and dis- key (user secret key) generated by the user key pair gen- 
played on a display screen (not shown). s eration section 36. 

In this way, the key management server 3 is located at the The chat client la includes an input unit 14 for receiving 

same position as the chat client 1 as viewed from the chat the input signal from the keyboard (not shown), an encryp- 

server 2, and the channel secret key unique to each channel tion section 15 for encrypting the input signal received by 

is generated, encrypted and applied to the chat client 1. Thus, the input unit 14 using the channel secret key decrypted by 

the communication can be kept secret even when using a in the channel secret key decryption section 13, a transmission 

chat server of low reliability. section 16 for transmitting the input signal encrypted by the 

Now, various embodiments of the invention will be spe- encryption section 15 to the channel X(4), a receiving 

cifically described below. section 17 for receiving the signal arriving from other chat 

Embodiment 1 clients through the channel X(4), a decryption section 18 for 

FIG. 6 is a block diagram showing a configuration of the 15 decrypting the signal received by the receiving section 17 

essential parts according to a first embodiment of a key using the channel secret key, and an output unit 19 for 

management server, a chat system terminal unit and a chat converting into a character, outputting and displaying on a 

system according to the invention. In FIG. 6, the chat server display screen (not shown) the received signal decrypted by 

2, the key management server 3a and a single chat client la the decryption section 18. 

are equivalent to the chat server 54, the key management 20 Now, the operation of the chat system having this con- 
server 64a and the chat clients 60 to 63, 65 to 69 of the chat figuration will be explained. 

system shown in FIG. 4, respectively, of which the essential When the chat client la is connected to the channel X(4), 

parts are shown in detail. This key management server 3a the encryption section 33 of the key management server 3a 

provides a chat system terminal unit comprising a channel encrypts the channel secret key generated by the channel 

secret key generation section 34 (channel secret key gen- 25 secret key generation section 34 using the public key 

eration means), a public key acquisition section 37 (public acquired by the public key acquisition section 37 from the 

key acquisition means), an encryption section 33 chat client la. When the channel secret key request receiv- 

(encryption means), a channel secret key request receiving ing section 31 receives the distribution request of the chan- 

section 31 (receiving means) and a channel secret key nel secret key unique to the channel X(4) from the chat client 

distribution section 32 (distribution means). 30 la through the channel X(4), the channel secret key distri- 

The channel secret key generation section 34 generates a bution section 32 distributes the channel secret key unique 

channel secret key unique to each channel for encrypting/ to the channel X(4) encrypted by the encryption section 33 

decrypting the communication data exchanged through each to the chat client la through the channel X(4). 

of a plurality of channels managed by one or more chat In the chat client la, the user key pair generation section 

servers. The public key acquisition section 37 acquires the 35 36 generates the pair of the public key and the secret key 

public key unique to the user from the chat client la through unique to the user, and when the chat client la is connected 

the chat server 2 and registers the public key together with to the channel X(4) selected by the channel selection section 

the user name when the chat client la is connected to the 10, the user public key sending section 35 sends out the 

channel X(4) managed by the chat server 2. public key generated by the user key pair generation section 

The encryption section 33 encrypts the channel secret key 40 36 to the key management server 3a through the chat server 

generated by the channel secret key generation section 34 2. 

using the public key unique to the user acquired by the The channel secret key request section 11 of the chat 
public key acquisition section 37. The channel secret key client la requests the channel secret key unique to the 
request receiving section 31 receives the distribution request channel X(4) from the key management server 3a, and the 
of the channel secret key unique to the channel X(4) from 45 channel secret key receiving section 12 receives the channel 
the chat client la through the channel X(4). When the secret key requested thereby. The channel secret key 
channel secret key request receiving section 31 receives the received by the channel secret key receiving section 12 is 
distribution request, the channel secret key distribution decrypted by the channel secret key decryption section 13 
section 32 distributes the channel secret key unique to the using the secret key generated by the user key pair genera- 
channel X(4) encrypted by the encryption section 33 to the 50 tion section 36. 

chat client la through the channel X(4). It is not necessarily The input signal received by the input unit 14 is encrypted 

a single chat server to which the key management server 3a by the encryption section 15 using the channel secret key 

is connected and of which the channel secret key of each decrypted by the channel secret key decryption section 13, 

channel is managed by the key management server 3a. and the encrypted input signal is transmitted to the channel 

The chat client la includes a channel selection section 10 55 X(4) by the transmission section 16. 

for selecting the channel connected, a channel secret key The signal arriving from other chat clients through the 

request section 11 for requesting the channel secret key channel X(4) is received by the receiving section 17. This 

unique to the channel X(4) through the channel X(4) signal is decrypted by the decryption section 18 using the 

selected by the channel selection section 10, a user key pair channel secret key, and the received signal decrypted by the 

generation section 36 for generating the pair of the public 60 decryption section 18 is converted into a character by the 

key and the secret key unique to the user, a user public key output unit 19 and displayed on a display screen (not 

sending section 35 for sending out the public key (user shown). 

public key) generated by the user key pair generation section The channel secret key generation section 34 of the key 

36 to the key management server 3a through the chat server management server 3a generates a channel secret key for 

2 when the chat client la is connected to the channel X(4), 65 each of a plurality of groups into which the chat clients are 

a channel secret key receiving section 12 for receiving the segmented in the channel managed by the chat server 2. The 

channel secret key requested by the channel secret key encryption section 33 encrypts the channel secret key gen- 
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erated by the channel secret key generation section 34 using user authentication section 38 receives a distribution 

the public key acquired by the public key acquisition section request, the channel secret key distribution section 32 dis- 

37 from the chat client of the particular group. When the tributes the channel secret key unique to the channel X(4) 

channel secret key request receiving section 31 receives the encrypted by the encryption section 33 to the chat client lb 

distribution request for the encrypted channel secret key, the 5 through the channel X(4). 

channel secret key distribution section 32 distributes the FIG. 8 is a block diagram showing an example configu- 

encrypted channel secret key to the chat client la through ration of the essential parts of the channel secret key 

the channel X(4). generation section 34. The channel secret key generation 

Embodiment 2 section 34 includes a channel status monitor section 40 for 

HG. 7 is a block diagram showing a configuration of the 10 monitoring the status of each channel managed by the chat 

essential parts of a key management server, a chat system server 2 (FIG. 7) and a key generation section 39 for 

terminal unit and a chat system according to a second generating a channel secret key of each channel the status of 

embodiment of the invention. This key management server which is monitored by the channel status monitor section 40. 

3 b includes a channel secret key generation section 34 and The key generation section 39 generates a channel secret key 

a public key acquisition section 37a. The channel secret key is by multiplying the hash function such as MD 5 by the time 

generation section 34, likewise the first embodiment, gen- information (date and time of key generation, and the 

erates a channel secret key unique to each channel for information changing from time to time), the information 

encrypting/decrypting the communication data exchanged unique to the channel, the secret information of the key 

through each of a plurality of channels managed by one or management server 36 (the secret information held only by 

more chat servers. The public key acquisition section 37a 20 the corresponding terminal) or a random number (random 

acquires the public key unique to the user from the public information). 

key management server (not shown) for managing the public When the channel status monitor section 40 detects that 

key externally when the chat client lb is connected to the the user connected to the channel becomes zero, the key 

channel X(4) managed by the chat server 2. generation section 39 generates the channel secret key again. 

The key management server 3b includes an encryption 25 The channel secret key distribution section 32 (FIG. 7) 

section 33 and a user authentication section 38 (receiving distributes the channel secret key thus generated again to the 

means). The encryption section 33 encrypts the channel chat client. 

secret key generated by the channel secret key generation The timing (opportunity) of generating the channel secret 

section 34 using the public key unique to the user acquired key again is when the channel status monitor section 40 

by the public key acquisition section 37a. The user authen- 30 detects that the first user is connected to the channel from the 

tication section 38 first receives the user authentication state zero of the user or it may be the time when the 

information together with a distribution request of the chan- communication in the channel is detected to cease for at least 

nel secret key unique to the channel X(4) from the chat client a predetermined time. 

lb. The user authentication information is the one encrypted Also, assume that a membership channel is available in 

using the user secret key at the chat client lb and further 35 which a member management server exists for managing the 

encrypted using the public key of the key management member data base of the channel at the same position as the 

server 36 acquired from the public key management server key management server of the same channel (visible to the 

(not shown). The authentication information thus received is client from the chat server) and the user joins or withdraws 

decrypted using the secret key of the key management server from the member management server by some means or 

3b and the public key of the user, and it is determined 40 other. Each time a member withdraws, the member man- 

whether the decrypted authentication information is correct agement server can issue a command to the key management 

or not. In the case where the authentication information is server to generate the channel secret key again. In such a 

correct, the distribution request of the channel secret key is case, the key management server and the member manage - 

accepted. ment server may be integrated with each other. 

The fact that the correct authentication information can be 45 Also, in the case where the deadline of the key is written 

obtained by decryption using the public key of the user in the channel secret key and has passed, the key manage- 

shows that the authentication information has been ment server can generate the channel secret key again. Once 

encrypted by the secret key of the user, i.e. that it is the the deadline of the key is passed, the chat client requests the 

authentication information sent from the user himself. key management server to acquire a new key. The chat client 

Instead of the real-time user authentication described 50 holds the key for some time after the deadline thereof, and 
above, the user information and the public key can be can decrypt the message encrypted by the old key using the 
registered in advance for the manager of the key manage- key ID added to the encryption message. The key manage- 
ment server 3b by another method such as an off-line. In the ment server, when finding a chat client transmitting the 
case where the public key of the user is registered in the key encrypted message past the deadline, distributes a new key. 
management server 3b in advance or in the case where the 55 The chat client lb (FIG. 7), on the other hand, includes a 
key management server 3b can acquire the public key of the channel selection section 10 for selecting a channel to be 
user from the public key management server through connected, a user authentication information sending section 
another route, the key management server 3b generates a 11a, a channel secret key receiving section 12 and a channel 
random number and thus encrypting the random number secret key decryption section 13. The user authentication 
using the public key, transmits the encrypted public key to 60 information sending section 11a requests a channel secret 
the chat client lb. A challenge and response system can be key unique to the channel X(4) from the key management 
conceived in which the chat client lb decrypts the secret key server 3b through the channel X(4) selected by the channel 
of the user, and further, the authentication information can selection section 10, while at the same time encrypting the 
be encrypted with the public key of the key management user authentication information using the secret key of the 
server 3b } and returned to the key management server 3b. 65 user acquired from the public key management server and 

The key management server 3b includes a channel secret further encrypting and sending the encrypted authentication 

key distribution section 32 (distribution means). When the information out using the public key of the key management 
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server 3b acquired from the public key management server. mation is encrypted using the user secret key acquired from 
The channel secret key receiving section 12 receives the the public key management server (not shown), and further 
channel secret key requested by the user authentication encrypted and sent out using the public key of the key 
information sending section 11a. The channel secret key management server 3b acquired from the public key man- 
decryption section 13 decrypts the channel secret key s agement server. 

received by the channel secret key receiving section 12 The channel secret key receiving section 12 receives the 

using the user secret key acquired from the public key channel secret key requested by the user authentication 

management server. information sending section llo, and the channel secret key 

This chat client lb includes an input unit 14 for receiving decryption section 13 decrypts the received channel secret 

the input signal from a keyboard (not shown), an encryption 10 key using the user secret key acquired from the public 

section 15 for encrypting the input signal received by the management server. 

input unit 14 by the channel secret key decrypted by the The input signal received by the input unit 14 is encrypted 

channel secret key decryption section 13, a transmission by the encryption section 15 using the channel secret key 

section 16a for transmitting the input signal encrypted by the decrypted by the channel secret key decryption section 13, 

encryption section 15 to the channel X(4), a receiving 15 and the input signal thus encrypted is transmitted by the 

section 17 for receiving the signal arriving from other chat transmission section 16a to the channel X(4). In the process, 

clients through the channel X(4), a decryption section 18a the transmission section 16a transmits also the information 

for decrypting the signal received by the receiving section indicating the encryption added to the communication data 

17 using the channel secret key, and an output unit 19 for encrypted by the encryption section 15. 

converting into a character, outputting and displaying the 20 The signal arriving from other chat clients through the 

received signal decrypted by the decryption section 18a on channel X(4) is received by the receiving section 17. The 

a display screen (not shown). signal received by the receiving section 17 is decrypted 

Now, the operation of the chat system having the above- using the channel secret key by the decryption section 18a 

mentioned configuration will be explained. in the case where the information indicating the encryption 

When the chat client lb is connected to the channel X(4), 25 is added thereto. The received signal decrypted by the 

the encryption section 33 of the key management server 3b decryption section 18a is converted into a character and 

encrypts the channel secret key generated by the channel displayed on a display screen (not shown) by the output unit 

secret key generation section 34 using the public key 19, In the case where the information indicating the encryp- 

acquired from the public key management server 37a by the tion is not added to the signal received by the receiving 

public key acquisition section 37a. The public key acquisi- 30 section 17, the signal represents a plaintext and is sent to the 

tion section 37a holds the public key acquired from the output unit 19 without being decrypted by the decryption 

public key management server for a predetermined length of section 18a. The output unit 19 converts the signal into a 

time and thus saves the time required for the public acqui- character and displays it on a display screen (not shown), 

sition section 37a to acquire the public key before the The channel secret key includes the ID of the key itself, 

communication is started by the chat client lb. 35 The key ID is given by a serial number indicating the order 

The user authentication section 38 receives a distribution in which the key is issued by the key management server, 

request for the channel secret key unique to the channel X(4) The key management server distributes the channel secret 

from the chat client lb through the channel X(4). At the key including the ID in encrypted form to the chat clients, 

same time, the distribution request is encrypted by the user Also, the ID of the key used for encryption can be used 

secret key by the chat client lb, so that an authentication 40 as an example of information indicating the fact of encryp- 

information is received which is further encrypted using the tion. 

public key of the key management server 3b acquired from Embodiment 3 

the public key management server. Also, the user authenti- FIG. 9 is a block diagram showing a configuration of the 

cation section 38 decrypts the received authentication infor- essential parts of a third embodiment of a key management 

mation using the secret key of the key management server 3b 45 server, a chat system terminal unit and a chat system 

and the user public key, judges whether the authentication according to this invention. The key management server 3c 

information thus decrypted is correct or not, and when the constituting the chat system terminal unit includes a channel 

authentication information is correct, accepts the distribu- secret key generation section 34 and a pubic key acquisition 

tion request for the channel secret key. section 31b. The channel secret key generation section 34, 

When the user authentication section 38 accepts the 50 likewise in the first embodiment, generates a channel secret 

distribution request for the channel secret key from the chat key unique to each channel for encrypting/decrypting the 

client lb, the channel secret key distribution section 32 communication data exchanged through a plurality of chan- 

distributes the channel secret key unique to the channel X(4) nels managed by one or more chat servers. When the chat 

encrypted by the encryption section 33 to the chat client la client lc is connected to the channel X(4) managed by the 

through the channel X(4). 55 chat server 2, the public key acquisition section 31b acquires 

When the user having the public key acquired by the the public key unique to the particular user from an external 

public key acquisition section 37a is connected to a plurality public key management server (not shown), while at the 

of channels, the encryption section 33 encrypts the channel same time acquiring the public key unique to other users as 

secret key unique to each channel using the same public key required and registering them with the user names, 

regardless of the channel involved. The channel secret key 60 The key management server 3c includes an encryption 

distribution section 32 distributes these channel secret keys section 33, a channel secret key request receiving section 31, 

encrypted by the encryption section 33. a channel secret key distribution section 32, a public key 

The user authentication information sending section 11a request receiving section 41 (receiving means) and a public 

of the chat client lb requests a channel secret key unique to key distribution section 42 (distribution means). The encryp- 

the channel X(4) from the key management server 3b 65 tion section 33 3 encrypts the channel secret key unique to 

through the channel X(4) selected by the channel selection the channel X(4) generated by the channel secret key gen- 

section 10. At the same time, the user authentication infor- eration section 34 using the public key unique to the user 
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acquired by the public key acquisition section 376. The 
channel secret key request receiving section 31 receives the 
distribution request for the channel secret key from the chat 
client lc through the channel X(4). When the channel secret 
key request receiving section 31 receives the distribution s 
request, the channel secret key distribution section 32 dis- 
tributes the channel secret key encrypted by the encryption 
section 33 to the chat client lc through the channel X(4). The 
public request receiving section 41 receives the distribution 
request for the public key of the remote user for the chat 10 
client lc from the chat client lc. When the public key 
request receiving section 41 receives a distribution request, 
the public key distribution section 42 distributes the public 
key of the remote user acquired by the public key acquisition 
section 376 to the chat client lc. 15 

The chat client lc, like in the first embodiment, includes 
a channel selection section 10 for selecting the channel to be 
connected, a channel secret key request section 11 for 
requesting a channel secret key unique to the channel X(4) 
through the channel X(4) selected by the channel selection 20 
section 10, a channel secret key receiving section 12 for 
receiving the channel secret key requested by the channel 
secret key request section 11, and a channel secret key 
decryption section 13 for decrypting the channel secret key 
received using the channel secret key receiving section 12 25 
by means of the secret key (user secret key) acquired from 
the public key management server. 

The chat client lc also includes a session key generation 
section 45 (session key generation means), a public key 
request section 47 (requesting means), a pubic key receiving 30 
section 43 (receiving means), a session key encryption 
section 44 (encryption means) and a session key distribution 
section 46 (session key distribution means). The session key 
generation section 45 generates a session key for encrypting/ 
decrypting the communication data in the one-to-one com- 35 
munication in the channel X(4). The public key request 
section 47 requests a public key for the remote user from the 
public key requesting server 3c through the channel X(4). 
The public key receiving section 43 receives the public key 
requested by the public key request section 47. The session 40 
key encryption section 44 encrypts the session key generated 
by the session key generation section 45 by the public key 
received by the pubic key receiving section 43. The session 
key distribution section 46 distributes the session key 
encrypted by the session key encryption section 44 to the 45 
chat client (terminal unit) of the remote user through the 
channel X(4). 

The chat client lc includes an input unit 14 for receiving 
the input signal from a keyboard (not shown), an encryption 
section 15a and a receiving section 17. The encryption 50 
section 15a encrypts the input signal received by the input 
unit 14 using the channel secret key decrypted by the 
channel secret key decryption section 13. At the same time, 
at the time of one-to-one communication in the connected 
channel, the input signal received by the input unit 14 is 55 
encrypted using the session key generated by the session key 
generation section 45. The transmission section 16 transmits 
the input signal encrypted by the encryption section 15a to 
the channel X(4). The receiving section receives the signal 
arriving from other chat clients through the channel X(4). 60 

The chat client lc also includes a decryption section 186 
and an output unit 19. The decryption section 18b decrypts 
the signal received by the receiving section 17 using the 
channel secret key, and also decrypts the signal received by 
the receiving section 17 using the session key generated by 65 
the session key generation section 45 at the time of one-to- 
one communication in the connected channel. The output 



unit 19 converts the received signal decrypted by the decryp- 
tion section 186 into a character, outputs and display it on a 
display screen (not shown). 

Now, the operation of a chat system having the above- 
mentioned configuration will be explained. 

When the chat client lc is connected to the channel X(4), 
the encryption section 33 of the key management server 3c 
encrypts the channel secret key unique to the channel X(4) 
generated by the channel secret key generation section 34 
using the public key acquired from the public key manage- 
ment server by the channel key acquisition section 376. 
When the channel secret key request receiving section 31 
receives the distribution request of the channel secret key 
from the chat client lc through the channel X(4), the channel 
secret key distribution section 32 distributes the channel 
secret key encrypted by the encryption section 33 to the chat 
client lc through the channel X(4). 

Also, when the public key request receiving section 41 of 
the key management server 3c receives the distribution 
request for the public key of the corresponding remote user 
from the chat client lc, the pubic key distribution section 42 
distributes the public key of the remote user acquired by the 
public key acquisition section 376 to the chat client lc. 

The channel secret key request section 11 of the chat 
client lc requests the key management server 3c for the 
channel secret key unique to the channel X(4), and the 
channel secret key receiving section 12 receives the 
requested channel secret key. The channel secret key 
received by the channel secret key receiving section 12 is 
decrypted by the channel secret key decryption section 13 
using the user secret key acquired from the public key 
management server. 

Also, the session key generation section 45 of the chat 
client lc generates a session key at the time of one-to-one 
communication in the channel X(4), and the public key 
request section 47 requests the public key of the remote user 
from the key management server 3c through the channel 
X(4). The public key receiving section 43 receives the public 
key requested by the public key request section 47 from the 
key management server 3c through the chat server 2. 

The session key encryption section 44 encrypts the ses- 
sion key generated by the session key generation section 45 
using the public key received by the public key receiving 
section 43. The session distribution section 46 distributes the 
session key encrypted by the session key encryption section 
44 to the chat clients of the remote user through the channel 
X(4). 

The encryption section 15a of the chat client lc encrypts 
the input signal received by the input unit 14 using the 
channel secret key decrypted by the channel secret key 
decryption section 13, In conducting the one-to-one com- 
munication in the connected channel, on the other hand, the 
encryption section 15a encrypts the input signal received by 
the input unit 14 using the session key generated by the 
session key generation section 45 or the session key 
acquired from the remote chat client. The transmission 
section 16 transmits the input signal encrypted by the 
encryption section 15a to the channel X(4). The receiving 
section 17 receives the signal arriving from other chat clients 
through the channel X(4). 

The decryption section 186 of the chat client lc decrypts 
the signal received by the receiving section 17 using the 
channel secret key. In one-to-one communication in the 
connected channel, on the other hand, the decryption section 
186 decrypts the signal received by the receiving section 17 
using the session key generated by the session key genera- 
tion section 45 or the session key acquired from the remote 
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chat client. The output unit 19 converts the received signal Further, it is not necessary to acquire the corresponding 

decrypted by the decryption section lHb into a character and public key each time the terminal unit is connected with a 

outputs it to and displays it on a display screen (not shown). channel. 

Embodiment 4 Furthermore, the user is not required to have a plurality of 

FIG. 10 is a diagram for explaining a configuration of a 5 public keys, and the public key acquisition means can easily 

recording medium according to a fourth embodiment of this manage the acquired keys. 

invention. In this embodiment, a flexible disk FD providing In addition, the terminal unit of the chat system according 

a recording medium has recorded therein a computer pro- to this invention has the following effects. First, one-to-one 

gram PR including a program code means ST2 for gener- communication is possible while keeping secret even in the 

ating the channel secret key unique to each channel, a ao channel connecting three or more terminal units, 

program code means ST4 for receiving a distribution request Also, the communication data requiring security can be 

of the channel secret key unique to the channel from other encrypted whereas the communication data of no security 

terminal units through the channel managed by a chat server, can be communicated in a plaintext, 

and a program code means ST6 for acquiring the public key Further, the communication can be kept secret without 

unique to the user from an external unit. The channel secret 15 resorting to the reliability of the chat server, 

key unique to each channel is for encrypting/decrypting the Also, with the computer controlled by the computer 

communication data exchanged through each of a plurality program recorded in the recording medium according to the 

of channels managed by one or more chat servers. invention, the communication can be kept secret even when 

Also, the flexible disk FD further includes a computer using a chat server of low reliability, 

program PR having a program code means ST8 and a 20 As this invention may be embodied in several forms 

program code means ST10. When the program code means without departing from the spirit of essential characteristics 

ST4 receives a distribution request, the program code means thereof, the present embodiments are therefore illustrative 

ST8 encrypts the channel secret key using the public key and not restrictive, since the scope of the invention is defined 

unique to the user requesting the distribution. The program by the appended claims rather than by the description 

code means ST10, on the other hand, distributes the channel 25 preceding them, and all changes that fall within metes and 

secret key unique to the channel to the terminal unit through bounds of the claims, or equivalence of such metes and 

the channel when the program code means ST4 receives a bounds thereof are therefore intended to be embraced by the 

distribution request. claims. 

The flexible disk FD is loaded in a disk drive DD and the What is claimed is: 

contents thereof are read into a personal computer PC. The 30 1. A key management server constituting a first terminal 

computer program PR thus read is used for controlling the unit, comprising: 

personal computer PC. channel secret key generation means for generating a 

The configuration and operation of other parts are similar channel secret key unique to each channel for 

to those of the terminal unit of the chat system according to encrypting/decrypting communication data exchanged 

the first embodiment and will not be described. 35 through each of a plurality of channels managed by one 

The recording medium according to the invention can be or more cn at servers; 

embodied as shown in FIG. 11 instead of as shown above. encryption means for 'encrypting a channel secret key 

tins embodiment comprises a personal computer 71 pro- wnentBd by said channel secret key generation means; 

viding a processor, a display 72 lor displaying character data - ... , , 

or the like, and input units including a keyboard 73 and a 40 "wiving means receiving through a channel managed 

mouse 74. The personal computer 71 is loaded with a b ? said ' chat ^ •* d ^ nbutl0n for a channel 

program PR (FIG. 10) as described above from various ^ ^y unique to said channel from a second ter- 

recording media. The recording media can be a portable mma umt * an 

recording medium 75 such as a magnetic disk or a distribution means for distributing the channel secret key 

CD-ROM. A program communication is also possible by 45 unic l ue t0 said channel encrypted by said encryption 

radio or wire with the personal computer 71. For example, means to said second terminal unit through said chan- 

a line end memory 76 may be arranged at a center, or a nel when said receiving means receives the distribution 

RAM, hard disk or the like memory 77 on the processor side request. 

may be mounted in the personal computer 71. 2 ^ ke y management server according to claim 1, 

The key management server according to this invention 50 w h erei n said channel secret key generation means generates 

has the following effects. First, the communication is kept a chaanel ke ? unic l ue 10 each of S rou P s which is 

secret even when using a chat server of low reliability. divided so as to includes a plurality of terminal units in said 

Also, the communication can be kept secret for each of a channel, and 

plurality of groups of the terminal units in the same channel. said receiving means receives the distribution request for 

Further, the channel secret key can be encrypted by the 55 the channel secret key for each group from said second 

public key and distributed to the terminal unit. terminal unit. 

Furthermore, the communication can be kept secret even 3- The key management server according to claim 1, 

when a chat server of low reliability is used without dis- further comprising public key acquisition means for acquir- 

tributing the channel secret key to outsiders. ing a public key unique to a user from an external unit; 

In addition, it is difficult to duplicate the channel secret 60 wherein said encryption means encrypts the channel 
key illegally, and therefore the communication can be kept secret key generated by said channel secret key gen- 
secret even in the case where a chat server of low reliability eration means using the public key which is acquired 
is used. by said public key acquisition means and is unique to 

What is more, even when the channel secret key is a user requesting the distribution when said receiving 

duplicated illegally, the validity thereof is lost within a short 65 means receives the distribution request, 

time. Therefore, the communication is kept secret even 4. The key management server according to claim 3, 

when a chat server of low reliability is used. wherein said public key acquisition means acquires said 
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public key when said second terminal unit is connected to a 
channel managed by the chat server. 

5. The key management server according to claim 3, 
wherein said public key acquisition means acquires said 
public key from said second terminal unit and registers said 5 
public key and the associated user name when said second 
terminal unit is connected to a channel managed by the chat 
server. 

6. The key management server according to claim 1, 
wherein said receiving means receives a user authentication 
information together with the distribution request for said 
channel secret key, judges whether the received user authen- 
tication information is correct or not, and when judging that 
said authentication information is correct, accepts said dis- 15 
tribution request. 

7. The key management server according to claim 1, 
wherein said channel secret key generation means generates 
said channel secret key based on selected one of an infor- 
mation changing from time to time, an information unique 2Q 
to each channel, a secret information held only by a terminal 
associated with said channel and a random information. 

8. The key management server according to claim 1, 
wherein said channel secret key generation means generates 
again at a predetermined opportunity the channel secret key 25 
generated and distributed, and said distribution means dis- 
tributes said channel secret key generated again by said 
channel secret key generation means. 

9. The key management server according to claim 3, 
wherein said public key acquisition means holds the 3Q 
acquired public key for a predetermined length of time. 

10. The key management server according to claim 3, 
wherein when a user of the public key acquired by said 
public key acquisition means is connected to a plurality of 
channels, said encryption means encrypts the channel secret 35 
key unique to each channel using said public key regardless 

of the channel. 

11. The key management server according to claim 1, 
further comprising: 

second receiving means for receiving a distribution 40 
request for a public key of a remote user of a second 
terminal unit received from said second terminal unit 
through a channel managed by a chat server; and 

second distribution means for distributing said public key 
acquired by said public key acquisition means to said 45 
second terminal unit when said second receiving means 
receives the distribution request. 

12. A terminal unit for a chat system to conduct the 
one-to-one communication with a terminal unit of a remote 
user, comprising: 50 

session key generation means for generating a session key 
for encrypting/decrypting communication data for the 
one-to-one communication in a channel managed by a 
chat server; 

means for requesting a public key from a key manage- 55 
ment server for distributing said public key of a remote 
user through a channel managed by the chat server; 

means for receiving said public key requested by said 
public key requesting means; 6Q 

encryption means for encrypting the session key gener- 
ated by said session key generation means using the 
public key received by said public key receiving 
means; and 

means for distributing the session key encrypted by said 65 
encryption means to the terminal unit of a remote user 
through said channel. 



13. A chat system terminal unit comprising: 
encryption means for encrypting communication data 

using the channel secret key unique to each channel 
distributed from a key management server for 
encrypting/decrypting the communication data 
exchanged through each of a plurality of channels 
managed by one or more chat servers; 

means for outputting the communication data encrypted 
by said encryption means together with the information 
indicating an encryption to a channel managed by a 
chat server; and 

means for decrypting the communication data by said 
channel secret key when the communication data 
received from said channel includes the information 
indicating the encryption. 

14. A chat system comprising: 

a chat server for managing a plurality of channels for 

exchanging communication data; and 
a key management server constituting a first terminal unit 
for distributing a channel secret key unique to each 
channel to a second terminal unit for encrypting/ 
decrypting the communication data exchanged through 
each of a plurality of channels managed by said one or 
a plurality of chat servers; 
wherein said key management server includes: 

channel secret key generation means for generating the 

channel secret key; 
encryption means for encrypting the channel secret key 
generated by said channel secret key generation 
means; 

receiving means for receiving a distribution request for 
the channel secret key unique to each channel from 
said second terminal unit through a channel managed 
by said chat server; and 

distribution means for distributing the channel secret 
key unique to said channel encrypted by said encryp- 
tion means through said channel to said second 
terminal unit when said receiving means receives 
said distribution request. 

15. The chat system according to claim 14, 
wherein said key management server further includes: 

second receiving means for receiving a distribution 
request for a public key of a remote user of a second 
terminal unit sent from said second terminal unit 
through a channel managed by a chat server; and 

second distribution means for distributing said public 
key acquired by said public key acquisition means to 
said second terminal unit when said second receiving 
means receives the distribution request. 

16. A chat system comprising: 

a chat server for managing a plurality of channels for 
exchanging communication data; and 

a terminal unit for conducting communication through a 

channel managed by said chat server, 
wherein said terminal unit includes: 

session key generation means for generating a session 
key for encrypting/decrypting communication data 
for one-to-one communication in a channel managed 
by the chat server; 

means for requesting a public key from a key manage- 
ment server for distributing the public key of a 
remote user through a channel managed by the chat 
server; 

means for receiving said public key requested by said 
public key requesting means; 
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encryption means for encrypting the session key gen- 
erated by said session key generation means using 
the public key received by said public key receiving 
means; and 

means for distributing the session key encrypted by 
said encryption means to the terminal unit of a 
remote user through said channel. 

17. The chat system according to claim 14, further com- 
prising: 

a terminal unit for conducting the communication through 

a channel managed by said chat server, 
wherein said terminal unit includes: 
session key generation means for generating a session 
key for encrypting/decrypting communication data 
for one-to-one communication in a channel managed 
by the chat server; 
means for requesting a public key from a key manage- 
ment server for distributing the public key of a 
remote user through a channel managed by the chat 
server; 

means for receiving said public key requested by said 
public key requesting means; 

encryption means for encrypting a session key gener- 
ated by said session key generation means using the 
public key received by said public key receiving 
means; and 

means for distributing the session key encrypted by 
said encryption means to the terminal unit of a 
remote user through said channel. 

18. The chat system according to claim 15, further com- 
prising: 

a terminal unit for conducting communication through a 

channel managed by said chat server, 
wherein said terminal unit includes: 

session key generation means for generating a session 
key for encrypting/decrypting communication data 
for one-to-one communication in a channel managed 
by the chat server; 

means for requesting a public key from a key manage- 
ment server for distributing the public key of a 
remote user through a channel managed by the chat 
server; 

means for receiving said public key requested by said 
public key requesting means; 
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encryption means for encrypting the session key gen- 
erated by said session key generation means using 
the public key received by said public key receiving 
means; and 

5 means for distributing the session key encrypted by 
said encryption means to the terminal unit of the 
remote user through said channel. 

19. A computer memory product having computer read- 
able program code means, said computer readable program 

10 code means comprising: 

first computer readable program code means for causing 
a computer to generate a channel secret key unique to 
each channel for encrypting/decrypting the communi- 
cation data exchanged through each of a plurality of 

15 channels managed by one or more chat servers; 

second computer readable program code means for caus- 
ing the computer to receive, through a channel man- 
aged by the chat server, a distribution request for a 
channel secret key unique to the channel from one 

20 terminal unit; and 

third computer readable program code means for causing 
the computer to distribute the channel secret key unique 
to said channel generated by said first computer pro- 
gram code means through said channel to said terminal 

25 unit when said second computer program code means 
receives the distribution request. 

20. The computer memory product according to claim 19, 
further comprising: 

30 fourth computer readable program code means for caus- 
ing the computer to acquire a public key unique to a 
user from an external unit; and 
fifth computer readable program code means for causing 
the computer to encrypt the channel secret key gener- 

35 ated by said first computer program code means using 
the public key acquired by said fourth computer pro- 
gram code means unique to the user requesting the 
distribution when said second computer program code 
means receives said distribution request; 

40 wherein said second computer program code means dis- 
tributes the channel secret key encrypted by said fifth 
computer program code means to said terminal unit 
through said channel. 

***** 
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